Hacker News new | past | comments | ask | show | jobs | submit login

I disagree. It's more similar to how you can "inject" your scripts into fiddle.jshell.net (via JSFiddle), googleusercontent.com (via Google Translate), etc.

Have a look at https://fiddle.jshell.net/pvcL4mjh/1/show/light/

Would you call that XSS / did I just steal JSFiddle's trustworthiness?




That's a fair point.




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: